Skip to main content

Attribute Operators

Attribute operators compare one attribute to another or check for the presence of a value. These operators work with any attribute type.

info

Attribute operators are not case sensitive. For example, EXISTS, Exists, and exists are all valid and return the same results.

Also, attribute operators must compare attributes from the same data model. Cross-model comparisons are not supported.

EXISTS

Use EXISTS to check whether an attribute has a value for a given record.

FIND Host AS h WHERE h.privateIpAddresses EXISTS

The above query returns all hosts that have private IP address.

NOT EXISTS

Use NOT EXISTS to check whether an attribute is missing or has no value.

FIND Finding AS f where f.dueDate NOT EXISTS

The above query returns all findings that do not have a due date assigned.

EQUALS TO ATTRIBUTE

Use EQUALS TO ATTRIBUTE to compare whether two attributes have the same value.

FIND Finding AS f WHERE f.riskScore EQUALS TO ATTRIBUTE f.baseRiskScore

The above query returns findings where the riskScore is equal to the baseRiskScore.

NOT EQUALS TO ATTRIBUTE

Use NOT EQUALS TO ATTRIBUTE to find records where two attribute values differ.

FIND Finding AS f WHERE f.riskScore NOT EQUALS TO ATTRIBUTE f.baseRiskScore

The above query returns findings where the riskScore does not equal to the baseRiskScore.

GREATER THAN ATTRIBUTE

Use GREATER THAN ATTRIBUTE to check if one attribute's value is greater than another’s.

FIND Finding AS f WHERE f.riskScore GREATER THAN ATTRIBUTE f.baseRiskScore

The above query returns findings where the riskScore is greater than the baseRiskScore.

LESS THAN ATTRIBUTE

Use LESS THAN ATTRIBUTE to check if one attribute's value is less than another’s.

FIND Finding AS f WHERE f.riskScore LESS THAN ATTRIBUTE f.baseRiskScore

The above query returns findings where the riskScore is greater than or equal to the baseRiskScore.

GREATER THAN OR EQUALS TO ATTRIBUTE

Use GREATER THAN OR EQUALS TO ATTRIBUTE to find records where an attribute is greater than or equal to another attribute.

FIND Finding AS f WHERE f.riskScore GREATER THAN OR EQUALS TO ATTRIBUTE f.baseRiskScore

The above query returns findings where the riskScore is greater than or equal to the baseRiskScore.

LESS THAN OR EQUALS TO ATTRIBUTE

Use LESS THAN OR EQUALS TO ATTRIBUTE to find records where an attribute is less than or equal to another attribute.

FIND Finding AS f WHERE f.riskScore LESS THAN OR EQUALS TO ATTRIBUTE f.baseRiskScore

The above query returns findings where the riskScore is less than or equal to the baseRiskScore.

Last updated on